Author
Topic: Network configuration questions (Read 6474 times)

I have one more configuration issue I'm trying to resolve with my networking configuration.

Here is the scenerio: I have a 500GB HP MediaVault that currently has an IP address of 192.168.1.50, which I defined as static. Therefore it communicates fine with all my "regular" home w/s on this same subnet. I keep all my audio, pictures, and videos here. However, the problem is the CORE hasn't mapped any CIFS shares to it, presumably because the way the CORE works it wants the HP unit to be on the 192.168.80.x subnet to discover it.

But, if I put it on this side of the LAN, I can't see it anymore from the "regular w/s" on the 192.168.1.x subnet. I can't ping or see anything on the 192.168.80.x subnet from them.

So maybe I need some routing entries defined on the CORE so that they will see it, is this correct? If so, where in LCME admin would I do this, and what would the entries have to say. If I leave it the way it is now, I possibly could manually configure the network shares. But are there advantages to having the HP unit on the 192.168.80.x subnet besides the discoverabilty factor?

Switch it to DHCP and put it on the 192.168.80.0/24 network, let LMCE discover it and add the shares as appropriateIn the admin console you need to go to Advanced->Network->Firewall Rules.

Here you can either turn off the firewall completely and it will just route straight through to the internal network like a normal router and your external network and internal network will be able to communicate freely. However, note that if you do this, you will not be able to use the port_forwarding functions of LMCE. These will be needed, typically, if you want to publish something on your internal network to the Internet, like a website. Or if you need to have other kinds of inbound connections to the internal network, eg if you have a bittorrent client on the internal network, for maximum performance you need to forward the port.

Alternatively, you will need to leave the firewall on, and allow only the ports you need through it. This depends on what you want to get access to through the Core.

Basic filesharing is typically on port 445 and perhaps 139 if using Windows. You may need to add others if you want to be able to browse your network neighbourhood. FTP - ports 20/21, ssh-22, web browsing-80, remote desktop-3389

Also, you will also need to add a static route to your broadband router that tells it how to get to the 192.168.80.0/24 network via the Core's external IP address. This will allow clients on the external network to get to the internal network.

You haven't mentioned what kind of connection you have to the WAN. It is possible that you could use LMCE to be your gateway to the WAN and then move the Belkin router to the switch with the MDs. Then let everything get its adresses from LMCE. Of course....you are gonna want to wait til you are running well with LMCE before hand. You mentioned your wife not being happy when the internet is down. Once it is going well you shouldnt really have to take LMCE down for anything. Just a thought. It might end up making the network a little more simple for you.

Also, you will also need to add a static route to your broadband router that tells it how to get to the 192.168.80.0/24 network via the Core's external IP address. This will allow clients on the external network to get to the internal network.

Yes I believe that is the crux of my question, is do I need to add a static route to the Core. Would that be using a shell and using the route command or is there a better way?

Also, you will also need to add a static route to your broadband router that tells it how to get to the 192.168.80.0/24 network via the Core's external IP address. This will allow clients on the external network to get to the internal network.

Yes I believe that is the crux of my question, is do I need to add a static route to the Core. Would that be using a shell and using the route command or is there a better way?

1.) make sure routing is correct (if you put the route on the outside router you don't have to touch all outside clients)2.) make sure the firewall allows the traffic3.) make sure the inside hosts don't get natted when communication with the outside hosts (aka no nat rule)

Following your directions I took a look at my Belkin router's configuration.

1.) make sure routing is correct (if you put the route on the outside router you don't have to touch all outside clients)[/color]

I don't see any ability to put routes into it. The only configuration I see is the port forwarding ability in the firewall settings. Is this where I would have to configure routes to the 192.168.80/24 subnet? I thought this was only used to open ports in the firewall from the internet. Anyway, I put entries into it for ports 80, 139, 445 to forward to my Core/Hybrid external interface, but alas I still don't have access to the HPMediaVault on the internal subnet.

2.) make sure the firewall allows the traffic

See above

3.) make sure the inside hosts don't get natted when communication with the outside hosts (aka no nat rule)

NAT is enabled on the Belkin router. Could you explain this more because I thought I needed to keep NAT turned on to protect the inside computers from internet hacks.

I appreciate y'alls help.

Fins

PS The good news is now all my media shares have been discovered by the Core!

so you don't have a router but an internet access appliance Maybe there is an alternate (linux?) firmware for the device? Setting static routes is really a _basic_ feature of a router.

Quote

2.) make sure the firewall allows the traffic

See above

i meant the firewall on the core. That has to allow traffic from outside hosts routed to the inside. Maybe you wan't to disable it for further tests. The outside router^H^Hinternet access appliance will still "protect" you from the internet.

Quote

3.) make sure the inside hosts don't get natted when communication with the outside hosts (aka no nat rule)

NAT is enabled on the Belkin router. Could you explain this more because I thought I needed to keep NAT turned on to protect the inside computers from internet hacks.

of course you need nat on the outside router. I meant the core. The core also does nat in the default setup. That will possibly interfere with successful routing from outside to inside hosts (to be exact the inside responses will be tried to rewritten).

Then I guess it must be NAT interfering with my routing because I have the CORE firewall off. I can see (ping) the Core's external IP of 192.168.1.100 from the outside subnet when the firewall is off, and can't when the firewall is on. I can't see anything on the 192.168.80/24 subnet from outside.

Could that be more of a gateway problem? It sounds like he has the Belkin router set as the gateway. Won't everything not on its own subnet go there to find other subnets? What do you have set as the gateway on the 1.X stuff?

Yes the Belkin rtr is the gateway for the 192.168.1.x network. So yes everything would have to go there to find another network subnet. How I route packets to 192.168.80.x is the problem. Maybe I can find an update for the Belkin that will allow me to build static routes. I'm no expert, but what may be happening is the packets from the 192.168.1/24 network goes to the belkin, then out to the external WAN side, which then has no idea how to route to 192.168.80/24 subnet, since it is a private address.

I'm no expert, but what may be happening is the packets from the 192.168.1/24 network goes to the belkin, then out to the external WAN side, which then has no idea how to route to 192.168.80/24 subnet, since it is a private address.

of course the belkin uses its own default gateway as it has no "better" route for the 80.x network.To see if this is what's holding you back you could add a static route on a 1.x host for the 192.168.80.0/24 via gateway 192.168.1.<your core's outside ip's last octet here>

Hari is right - the broadband route should have a route function somewhere, it really is one of the most basic things. A NAT/port forward is completely different and yes it probably will interfere if you try to use it as a route. Perhaps take a look to see if the device has a command line interface, not just the web site and telnet into it. Sometimes the more advanced features are in there.

Just be aware though, as I said previously, if you turn the firewall off on the Core, and you want to be able to access this device from the Internet (do you?) then the broadband router needs to be able to NAT to a "remote subnet" which many cannot do.

I don't believe the Belkin can be manually configured for multiple static routes <hmm> so I'm going to put a static route to the internal network on my regular workstations and see how that goes. I don't have any use to access the CORE from the internet at the moment so leaving the firewall off there is no problem. Thanks a bunch.